chrome security

  1. CVE-2026-11691 Chrome New Tab Page Fix: Cross-Origin Leak After Renderer Compromise

    CVE-2026-11691 is a high-severity Chromium vulnerability disclosed in June 2026 in Google Chrome’s New Tab Page, fixed before version 149.0.7827.103, that could let an attacker who had already compromised the renderer leak cross-origin data through a crafted HTML page. The awkward phrasing...
  2. CVE-2026-11688: Urgent Chrome SVG Bug—Patch Now to Stop Sandbox Code Execution

    Google Chrome before version 149.0.7827.103 contains CVE-2026-11688, a high-severity SVG implementation flaw disclosed on June 8, 2026, that can let a remote attacker execute arbitrary code inside Chrome’s sandbox when a user opens a crafted HTML page. That is the plain answer; the more useful...
  3. CVE-2026-11684: Update Chrome Now to Prevent Cross-Origin Data Leaks

    Google Chrome before 149.0.7827.103 contains CVE-2026-11684, a high-severity Chromium Network flaw disclosed on June 8, 2026, that could let an attacker leak cross-origin data after compromising Chrome’s utility process through a crafted HTML page. The short version for Windows users is simple...
  4. CVE-2026-11676 Chrome Dawn Sandbox Escape: NVD CPE Mismatch Explained

    Google Chrome’s CVE-2026-11676 was published on June 8, 2026, as a high-severity Dawn vulnerability affecting Linux and ChromeOS before Chrome 149.0.7827.103, with NVD later adding a CPE configuration that appears narrower and messier than the plain-language advisory suggests. The uncomfortable...
  5. CVE-2026-11673: Chrome InterestGroups Use-After-Free—Patch Chrome 149 Now

    Google assigned CVE-2026-11673 to a high-severity use-after-free flaw in Chrome’s InterestGroups component, fixed in Chrome 149.0.7827.103 for Windows and macOS before June 9, 2026, after NVD published the entry on June 8. The exploit condition is brutally familiar: a crafted HTML page, user...
  6. CVE-2026-11671 Chrome Navigation Use-After-Free: Windows Patch and Restart Guidance

    Google disclosed CVE-2026-11671 on June 8, 2026, as a high-severity use-after-free flaw in Chrome’s Navigation component affecting desktop Chrome versions before 149.0.7827.103, with exploitation possible through a crafted HTML page and potential sandbox escape. That is the kind of browser bug...
  7. CVE-2026-11668: Chrome Codecs Cross-Origin Data Leak and What Admins Should Do

    Google disclosed CVE-2026-11668 on June 8, 2026, as a high-severity Chromium codecs flaw affecting Google Chrome on Linux and ChromeOS before version 149.0.7827.103, where a crafted video file could let a remote attacker leak cross-origin data. The bug is not the loudest item in the June Chrome...
  8. CVE-2026-11666 Chrome UI Spoofing Fix (Update to 149.0.7827.103)

    Google assigned CVE-2026-11666 to a high-severity Chrome flaw fixed on June 8, 2026, in desktop builds before 149.0.7827.103, where insufficient validation of untrusted input in the browser’s Input component could let a remote attacker spoof UI through a crafted HTML page. The narrow description...
  9. CVE-2026-11663 Chrome Skia Use-After-Free: Patch 149.0.7827.103 on Windows

    CVE-2026-11663 is a high-severity Google Chrome vulnerability published on June 8, 2026, affecting Chrome versions before 149.0.7827.103, where a use-after-free flaw in Skia could let an attacker who already compromised the renderer attempt a sandbox escape through crafted HTML. That is the dry...
  10. CVE-2026-11661 Chrome for Windows: Patch Sandbox Escape Use-After-Free

    Google disclosed CVE-2026-11661 on June 8, 2026, as a high-severity Windows-only Chrome use-after-free flaw in the browser’s Views component, fixed before version 149.0.7827.103 and capable of helping an attacker escape the renderer sandbox after a separate renderer compromise. That last...
  11. CVE-2026-11657: Chrome macOS Payments Use-After-Free—Update to 149.0.7827.103

    Google assigned CVE-2026-11657 to a high-severity use-after-free flaw in Chrome’s Payments component on macOS, fixed in Chrome 149.0.7827.103 after disclosure on June 8, 2026, with NVD and CISA-ADP describing a crafted HTML page as the remote attack path. The short version is simple: Mac users...
  12. Chrome CVE-2026-11646 Fix: Patch ViewTransitions Use-After-Free (June 8, 2026)

    Google patched CVE-2026-11646, a high-severity use-after-free flaw in Chrome’s ViewTransitions component, in the June 8, 2026 Stable Channel desktop update, affecting Chrome versions before 149.0.7827.103 and exposing users to possible sandboxed code execution through a crafted HTML page. The...
  13. CVE-2026-11643 Chrome Proxy Use-After-Free: Patch Guide for Windows Admins

    Google disclosed CVE-2026-11643 on June 8, 2026, as a critical use-after-free vulnerability in Chrome’s Proxy component affecting versions before 149.0.7827.103, with NVD later listing affected Chrome builds on Windows, macOS, and Linux. The uncomfortable part is not merely that Chrome had...
  14. CVE-2026-11642: Critical Chromium Web Apps Sandbox Escape Fixed in Chrome 149

    Google disclosed CVE-2026-11642 on June 8, 2026, as a critical Chromium Web Apps use-after-free flaw fixed in Chrome before version 149.0.7827.103, affecting desktop Chrome on Windows, macOS, and Linux where a crafted HTML page could help escape the browser sandbox. That is the dry database...
  15. CVE-2026-11640 Chrome libyuv Integer Overflow: Patch 149.0.7827.102/.103 Now

    Google disclosed CVE-2026-11640 on June 8, 2026, as a critical integer overflow in Chrome’s bundled libyuv library, fixed in Chrome 149.0.7827.102/.103 for desktop platforms, with NVD describing it as a renderer-compromise-to-sandbox-escape flaw triggered through a crafted HTML page. The short...
  16. Chrome 149 Patch CVE-2026-11638 Printing Bug: Windows Sandbox Escape Risk

    Google patched CVE-2026-11638 on June 8, 2026, in Chrome 149.0.7827.102/.103 for desktop platforms after documenting a critical use-after-free flaw in Chrome’s Printing component that could let a remote attacker potentially escape the browser sandbox through a crafted HTML page. The bug is not...
  17. Chrome CVE-2026-11636 Autofill Use-After-Free on Windows: Patch Before It Risks

    Google Chrome CVE-2026-11636 was published by NVD on June 8, 2026, after Google disclosed a critical Windows-specific Autofill use-after-free flaw fixed in Chrome versions before 149.0.7827.103. The bug is not the loudest Chrome issue of the week, and that is precisely why it deserves attention...
  18. Chrome CVE-2026-11639 (Use-After-Free): June 8 Patch Checklist for Windows Admins

    Google patched CVE-2026-11639 on June 8, 2026, in Chrome 149.0.7827.103 for Mac, fixing a critical use-after-free flaw in Chromium’s Compositing component that could let a remote attacker execute code through a crafted HTML page. The bug is narrow in platform labeling but broad in practical...
  19. CVE-2026-11635: Chrome macOS Bluetooth Use-After-Free Sandbox Escape Fix

    Google Chrome before version 149.0.7827.103 on macOS contains CVE-2026-11635, a critical Chromium Bluetooth use-after-free flaw disclosed June 8, 2026, that could let a remote attacker who already compromised the renderer process escape Chrome’s sandbox through a crafted HTML page. That is the...
  20. CVE-2026-11634 Chrome Windows: Patch Before 149.0.7827.103

    Google Chrome on Windows before version 149.0.7827.103 is affected by CVE-2026-11634, a critical use-after-free flaw in the browser’s Gamepad component that Google disclosed in June 2026 and that could let a remote attacker attempt a sandbox escape through a crafted HTML page. The practical...